Freely subscribe to our NEWSLETTER

“The fact that this breach involves an unauthorised access to the company’s database, is a stark reminder of the need for organisations to have visibility of all organisations and systems connected to their network and to appropriately evaluate vendor risks.

Companies often place a huge amount of trust in third party vendors – usually down to reputation if they haven’t been breached before, or if they claim to invest heavily in cybersecurity.

However, IT teams need to be more thorough than this. They should ask themselves questions such as: do I really know how well our suppliers manage their operations; including areas like credential management and patching? How can we tell how much technical debt they are carrying? Is the vendor that was breached three years ago - and then invested a massive amount improving their security - less of a risk than a vendor that’s never had a publicly disclosed breach?
Only once these questions have been answered – using data – can organisations place full trust in the third-party suppliers they work with. This evaluation is not a ’one and done’, and organisations should assess their vendor relationships on a regular basis to ensure suppliers remain cyber secure.

In a world where high-profile supplier breaches have pushed the topic of supplier risk management high up the boardroom priority list, re-evaluating vendor risk has never been more important.”